1. Scope
This policy applies to data we process about visitors to our website and account holders of the Service. It is intended to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000, along with applicable rules.
2. Data We Collect
We collect only what we need to operate the Service.
- Account data: name, email, hashed password, and (for Google sign-in) the basic profile information Google provides.
- Subscription and billing data: plan, subscription status, billing history, and payment metadata returned by our payment processor (Dodo Payments). We do not store full card numbers, CVVs, or UPI PINs on our servers.
- Usage content: the inputs you submit to optimize portfolios (tickers, constraints, notes), the optimization runs you create, and the resulting outputs.
- Technical data: IP address, device type, browser, pages visited, timestamps, and error logs. We use this for security, debugging, and product analytics.
- Communications: emails or messages you send us, including support requests.
3. How We Use Your Data
- To provide, secure, and maintain the Service.
- To run optimizations, store your runs, and show you results.
- To process payments, manage subscriptions, and send transactional emails (verification, billing receipts, password resets).
- To respond to support requests and notify you about material changes to the Service.
- To analyse aggregated usage so we can improve performance, debug issues, and prioritise features. Aggregated and anonymised data is not used to identify individuals.
- To detect, prevent, and respond to fraud, abuse, or security incidents.
- To comply with our legal obligations.
We do not sell your personal data, and we do not use your inputs or run history to advertise to you.
4. Legal Basis for Processing
We process personal data on the basis of your consent (given when you create an account and accept this Policy and our Terms), the performance of our contract with you, and our legitimate interests in operating and improving the Service and preventing abuse. Where required by law, we will obtain separate consent.
7. Data Retention
We retain account and usage data for as long as your account is active. After you delete your account, we delete or anonymise personal data within a reasonable period, except where we must retain it to comply with legal, accounting, or fraud-prevention obligations (for example, billing records). Backups are rotated on a routine schedule.
8. Security
We use industry-standard measures to protect your data, including encryption in transit (TLS), hashed passwords, access controls, and regular security reviews. No system is perfectly secure: if we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.
9. Your Rights
Subject to applicable law, including the DPDP Act, you have the right to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Erase your account and personal data, subject to the retention requirements above.
- Withdraw consent for processing where consent is the basis.
- Nominate another person to exercise these rights on your behalf in the event of death or incapacity.
- Lodge a grievance with our Grievance Officer (see Section 13) and, if unresolved, with the Data Protection Board of India.
To exercise any of these rights, email support@foliolab.ai. We may need to verify your identity before acting.
10. Children
The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us so we can delete it.
11. International Transfers
Some of our service providers operate outside India. Where we transfer personal data outside India, we do so only in accordance with applicable law and only to the countries permitted by the Central Government under the DPDP Act. We rely on contractual safeguards with those providers to protect your data.
12. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
13. Grievance Officer and Contact
If you have any questions, complaints, or concerns about how your personal data is handled, you may contact our Grievance Officer at support@foliolab.ai. We aim to acknowledge complaints within 48 hours and resolve them within 30 days, in line with the Information Technology (Reasonable Security Practices) Rules, 2011 and the DPDP Act.
For any other privacy-related questions, write to support@foliolab.ai.